RADIUS Realms

ClearBox Server treats a realm as a context in which all RADIUS requests
are handled, a set of rules how to process incoming requests for authentication
and accounting. Different requests from different clients
may be processed in different ways. When a request is received from a
RADIUS client, ClearBox Server looks through the list of configured realms
and sees if a request matches realm-defined rules.

The rules can be in the following form:

If this request is from <...> client, then use this realm.

If the user name found in the request consists from a user name separated
by a delimiter, such as the at sign (@) or the slash (/), from a domain
name.

If some attribute is present, not present in the request, or it's
equal or not equal to a specific value.

If none of this conditions is satisfied then the server looks at the
client's default realm. If it's not set, then
the server looks through the list of realms to find one marked as default
realm. If no realm is default, then a request is rejected by the server.
That's why it's desirable to define realms in such a way that there's
always a realm for the request. Note that if several realms match the
request the first of them is selected, so their order in the list of realms
is significant.

When the server founds the realm of the request it uses realm configuration
to determine what to do with the request.

The realm specifies all aspects of a request packet processing: how to
authenticate a user, what rules should a request match to be accepted,
how to log accounting data from the request, etc.

Start with defining realm selection rules at the 'Common' tab.
Select one of them and click 'Apply Changes' when ready.

Next, define how users are authenticated on the appropriate 'Authentication'
tab, then click 'Apply Changes'. Fill in the necessary data on
the 'Authorization' tab sheet if you need to have packets rejected
on some condition or to include some attributes in the accept response
message. 'Accounting' dialog allows you to select how the server
will store accounting records it received from RADIUS clients.